The Snowden revelations, while dramatic, have done little to amp up public concern about personal surveillance.

After all, thanks to technology, electronic spying is cheap — so cheap the government can’t afford not to do it.

But what is the cost to society and to freedom? In this WhoWhatWhy Podcast, Jennifer Granick, the Director of Civil Liberties at the Stanford Center for Internet and Society, talks to Jeff Schechtman about the technology that tracks and stores emails and follows personal movement, about the amassing and mining of metadata, and how all this information is used and misused by the government.

She reveals government efforts to get social-media passwords and phone PINs from foreigners entering the country, and explains the underlying reason that the US government spies on foreigners: they are spying on us.

Granick reminds us that surveillance is not just something that happens to other people, and that antiquated 20th-Century laws and post-9/11 oversight are no match for the high-tech wizardry of modern-day surveillance in the wrong hands.

As a service to our readers, we provide transcripts with our podcasts. We try to ensure that these transcripts do not include errors. However, due to a constraint of resources, we are not always able to proofread them as closely as we would like and hope that you will excuse any errors that slipped through.

Jeff Schechtman: Welcome to Radio WhoWhatWhy. I’m Jeff Schechtman.

There is that famous quote from Scott McNeely, the founder of Sun Microsystems that “we have no privacy. Get over it”. I think to a large extent that’s how many people think, even those concerned about it think that there’s very little in this modern era that we can do about it. The Snowden Revelations, while dramatic and captivating for a few new cycles did only a little in the long run to amp up public concern about surveillance, data collection and privacy. Why is that? As the reality in technology of modern surveillance so disconnected from antiquated 20th-century laws that there’s just no legal through line with which to address it in ways that creates a story that the public can understand. We’re going to look at that today with my guest Jennifer Granick. She is director of civil liberties at the Stanford Center for Internet in Society. She’s taught cyber law, computer crime law, Internet liability and Internet law and policy. She also served as the civil liberties director of the Electronic Frontier Foundation and spent almost a decade practicing criminal defense law in California. She is the author of the new book American Spies: Modern Surveillance, Why You Should Care and What to doAbout It. Jennifer Granick, welcome to Radio WhoWhatWhy.

Jennifer Granick: Thanks for having me!

Jeff Schechtman: There seems to be an interesting disconnect in this, and I want to start from that and we’ll work our way back, in that the laws governing these things are antiquated because obviously technology has far surpassed any ability to change the law and yet there doesn’t seem to be the political will and/or outrage to generate the kind of political force that would begin to change the laws to address these things.

Jennifer Granick: Yeah, I think that’s right. Some of that is because people don’t fully understand what’s different about surveillance today from kind of our traditional conception of it.

Jeff Schechtman: Talk a little bit about that and one of the things that you write about in American Spies is that we think about surveillance, particularly electronic surveillance in kind of a mass collection sort of way. We don’t really think of it in the small, personal way that affects us.

Jennifer Granick: That’s right. I think people believe surveillance is something that happens to others, that the technology of surveillance today is such that instead of somebody trying to spy on people because they’re suspected of being in a drug cartel or because they’re foreign terrorists, there’s this broad, opportunistic, suspicionless collection that happens, which means that lots of random, innocent people’s information ends up in government databases and then that information can be searched or data mined after the fact. That means that, you know it’s not about being of interest. That’s not required to be collected on. People are collected on because they are using the Internet or because they are walking down the street and there’s a camera with facial recognition technology.

Once we understand how broad collection is, then I think people start to feel more engaged because they’ve realized: yes, my information could very well be in a database because I talk to people overseas, because I walked in front of these buildings, because I use the Internet, because I use social media.

Jeff Schechtman: Of course, the other part that grows out of that is the attitude of, I suppose a majority of people that well, I did nothing wrong, I have nothing to hide. Why should I care?

Jennifer Granick: I think a lot of people don’t understand how broad the law is, and there are a lot of things that are illegal that people have no idea that are illegal. Everybody, I think has something to hide. There are things you may not want your boss to know, there’s some things you may not want your kids to know, you may not want your mother to know, so I think everybody has something that they may want to keep private.

The ultimate thing that makes me worried about surveillance isn’t because I’m worried about myself, it’s because I’m worried about other people. The thing that makes me care is the spectre of political surveillance, where groups that are trying to make the world a better place, whatever they think that involves, are the ones who are going to be targeted.

Historically, vulnerable groups and people advocating for social change have always been the targets of surveillance. It’s not a right-left, Democrat-Republican thing. Surveillance can target gun right advocates as much as Black Lives Matter as much as Tea Party advocates. These are people who are challenging the status quo and who are seeking to change the balance of power, and so people who are in power who have access to the mechanisms of surveillance may not like that, and may be interested in spying on these people.

That’s what happened during the Civil Rights Era. We see it happening now with journalists, with Muslims, with political groups like Occupy and to me, that’s something that everybody should be worried about because democracy requires there to be this robust conversation about what our laws and our society ought to look like. If groups are squelched in that, then that’s just dangerous for everyone.

Jeff Schechtman: One of the other aspects of this mass collection of information that you talk about is the fact that it becomes easier and arguably, a lot less expensive to start mining all of this data through artificial intelligence and machines actually listening to it.

Jennifer Granick: Absolutely. In the olden days, you would need to hire a police officer to follow me 24/7. One of the main reasons that didn’t happen was because it just wasn’t worth it, just wasn’t worth the money. Well now, it’s really cheap and easy. There’s sensors everywhere, there are cameras everywhere, private and publicly owned and once that data is in computer storage, it’s unbelievably cheap now. So there’s really no incentive to throw anything away, that can just be there and then the only limitation there is the limits of our ability to data mine the information and make sense of it. New tools for that are being developed every day.

Jeff Schechtman: Speaking of technology, talk a little bit about what’s going on now and what we’ve been hearing about, particularly with respect to people coming into the country, foreigners coming into the country being asked for their social media passwords and pin numbers on their cell phones, etcetera.

Jennifer Granick: Yeah, I mean this is a really troublesome issue and it really highlights one of the points I make in the book and one of the things I think is really important. This not a privacy versus security debate. This is one kind of security versus another kind of security, where people are being asked to give up their individual security in order to, purportedly help greater national security.

But what’s happening here is: everybody tells you, don’t share your password. It’s not safe to do. If somebody has access to your password, they can not only look at your profile, they can change stuff on it, they can impersonate you and they may be able to use that access to get into other accounts you have, like your bank or whatever. So this is one of the basics of computer security, which is don’t share passwords. Yet here we have, purportedly in the name of national security, this policy that’s going to demand that people turn over their passwords. It’s just unbelievably risky.

The national security benefit from it is just really nonexistent. You can’t tell who is somebody to let in the country or not, based on what they read or based on who they’re friends with. These are just not reliable ways to make these kinds of decisions. So you’re exposing individuals to a great amount of insecurity and risk that somebody is going to impersonate them or hack into their account versus a very speculative, theoretical, kind of counterintuitive sense of: maybe it helps us decide who should cross the border and who shouldn’t.

Jeff Schechtman: Of course the other part of that is: somebody crosses the border, you change your password or your pin or whatever.

Jennifer Granick: Well, it depends on how much time you have, right. Because you could, in that time, somebody could put an additional email address on your account, which means that when you change your password, they get notified. Many services have password recovery things that use your password recovery features that use your email. The security advice is not share your password but only for a little while. The security advice is never share your password and there are good reasons for that. Obviously if this happens to you, that’s something you should do but that’s not really going to fix the problem.

Jeff Schechtman: The other part of this, as it relates to some of what we’re talking about in terms of passwords being shared and the government getting into people coming in and their social networks and their phones is that it has an impact on people that are already citizens. People that these people might be in contact with.

Jennifer Granick: Absolutely. In the news, we’ve seen the requests haven’t been limited to people who are not citizens. There was at least one story about a citizen who worked at NASA who was forced to unlock his phone and potentially reveal government scientific secrets about the stuff he was working on at NASA. So the policy hasn’t been limited to foreigners and of course, foreigners who come to the country, they’re our friends, they’re our neighbors, they work with us, they go to school with us and we communicate with them. When we spy on foreigners, we spy on Americans too.

Jeff Schechtman: One of the other things that is a corollary to all of this is the power of the increasing power of the FBI and the way this information can be used.

Jennifer Granick: Yeah, absolutely. I think another misconception people have is that surveillance that’s done for a foreign intelligence purpose is not something the FBI can use to police people inside the country. That’s not true. The FBI has access to information collected for foreign intelligence purposes under a variety of different rules. Sometimes that access is pretty broad. They have access to the raw data, they can search that information without getting a warrant or having any real suspicion for information about Americans. And then that information can be used for domestic security investigations or for criminal investigations or passed on to other agencies. So the FBI has, without question, benefitted and obtained additional evidence that it would not have otherwise been able to obtain without going to a judge and getting a search warrant as a result of our focus on collection in the name of foreign intelligence.

Jeff Schechtman: One of the other points that you make beyond the dangers from the FBI is that surveillance itself is a kind of censorship. Talk a little bit about that.

Jennifer Granick: The question is, what do people do when they think they’re being watched and how free are you if you think you’re being watched and potentially being judged? Research shows and common sense tells you that when people think they’re being surveilled, they change their behavior and they don’t do things that they ordinarily would do. I think maybe all of us now, since the Snowden Revelations or maybe since the new administration or if you didn’t like the old administration, you’d think if I write this, is somebody going to misinterpret it or is somebody going to disagree with it and I’m going to get in trouble and you think about what you write.

Stopping yourself from talking about, writing or thinking about certain things is self-censorship and it extends beyond those kinds of individual acts, who do you become friends with, do you openly go to church, do you participate in public life? One thing that we’ve heard is that people who are here in the country legally have been chilled from political activity, from participating in town halls, from often writing things online because they’re afraid that the government may come after them, revoke their green cards, deport them, etc.

Jeff Schechtman: Of course, what goes along with that is the amount of data and information we voluntarily give up, sometimes being aware of it, sometimes not.

Jennifer Granick: Yeah Jeff, I’m so glad you brought that up because it’s something people often ask me about. Why am I blaming the government instead of blaming private industries like Google, Facebook, Twitter, etc. I think one of the things, it’s not the only reason, but one of the major differences between modern surveillance today and surveillance in the past is that the technology plus the business model has resulted in people voluntarily giving up an immense amount of information.

Once that information is given up and recorded, then it’s available to law enforcement and the only legal debate is with what kind of legal process? Some of that information, we know we’re giving up. I think everybody knows that when they write something on Facebook, that thing they write is available to other people and available to Facebook and potentially available to law enforcement or government as well.

But there’s all kinds of other data that we generate that we may not be fully aware of and people generally classify it as metadata, information about the stuff we write. It could be how long you’re on a webpage, how many times you clicked, what you click, what you search for, all of these types of information that people may not realize are being recorded. Sometimes it’s clear that this is legally protected from suspicion-less surveillance, sometimes it’s not clear that it’s protected but if you generate it and companies save it, then there’s going to be a legal battle over when and how investigators can get a hold of it.

Jeff Schechtman: In your view, why is this surveillance dangerous to a free society?

Jennifer Granick: Well, exactly because of what you said before about people self-censoring first. If you are always worried, then you can’t really speak and develop your ideas freely if you’re always worried that somebody’s watching and that you’re going to get in trouble. The second reason is the point I mentioned about political surveillance.

My concern is that we will have groups who are trying to change the status quo or keep accountable those who are in power and that the tools of surveillance will be used against these groups, and we’ve seen this with subpoenaing, the phone records of journalists to find out who’s leaking to them and you know, it’s just getting out; all their phone records to following and trying to figure out who’s organizing Black Lives Matter protests to the claim that Tea Party groups were singled out for IRS auditing.

These are modern concerns that echo the abuses we saw during the Civil Rights era, where people were spied on for no reason. Senators were spied on for political advantage and that kind of thing. We need those groups and we need our press to be free, we need our legislators to be able to do what their constituents want and not act out of self-preservation or fear because somebody picked up them saying that they don’t want their spouse or their mother to know about.

Jeff Schechtman: Of course the difference is that in the post 9-11 era, all of this is done under the guise of national security.

Jennifer Granick: I think that’s right. September 11 really did change, I think, the government and the public appetite for massive surveillance. It’s a story that makes sense on the surface. When our enemy was Russia and maybe our enemy again is Russia, but when our enemy was Russia during the Cold War, we knew where Russia was, we knew who they were and we knew how to spy on them.

After September 11, if the enemies are terrorists and terrorists could be anywhere, we don’t know exactly where they are, then it seems like the idea is let’s collect all the information we possibly can and dig through it to find the terrorists. I think that’s why the government has developed these plans.

The idea was that if we collect it all, then eventually we can know it all. But that is a simplistic idea that turns out not to be true for a lot of reasons. One of which is if you’re looking for needles in the haystack, it doesn’t help you that much to just keep collecting more hay.

What history shows is that the most effective techniques for finding terrorists are to track the known people and spy on them and not collect information more opportunistically and at random and hope that our computer science will be able to figure it out. So I think it’s absolutely true that September 11 had this big impact and it is one of the reasons why we are as far down the mass surveillance road today as we are. But, I think that the very real dangers that September 11 symbolizes, that there’s a better way to address them than what we are doing now.

Jeff Schechtman: It was a perfect storm in some respects because post-September 11 also was a time in which this technology that allows this, as we talked about before, has continued to evolve pretty dramatically.

Jennifer Granick: Absolutely. You put the will to spy more with the means to spy more and rolling back the law after September 11 with the USA Patriot Act and then you add the government secrecy to that mix, you do have this perfect storm. What was able to happen is because of classification and secrecy surrounding the war on terror, a lot of surveillance activities as well as things like waterboarding and rendition and other practices were able to flourish behind closed doors without the public, the courts or Congress really knowing what was going on. That’s one thing, I think, we have to thank Edward Snowden for, at least now we have some better idea of what’s been going on and he was just one of a series of whistleblowers who had come forward since September 11 to expose massive and in many cases, illegal surveillance activities. So, put all these things together and add in a healthy dose of secrecy, it’s a recipe for abuse.

Jeff Schechtman: Talk a little bit about the oversights, the purported oversights that have been codified as the Patriot Act and other laws have evolved post-9/11.

Jennifer Granick: Yeah. The hallmark of American democracy is this idea of checks and balances and the different branches of government. Congress is supposed to oversee what the president and the intelligence community does and so does the court. I think a big part of that is people have to incentivize Congress to care. The people who are legislators are trying to be responsive to their constituents and it’s not easy to follow and keep up on what all the secret surveillance programs are and figure out how they fit into each other. Constituents need to say to their representatives that we want you to do that and there have been a couple of Senators who have really stood out for their attention to these important issues, but overall, Congress has kind of fallen down on the job a little bit so far.

Once we did know about some of the surveillance programs, like we found out from Edward Snowden about the bulk phone records collection program, Congress did take steps to end it with the USA Freedom Act from last year, from 2015. We’re going to have another opportunity to reform a surveillance law that results in substantial impact on the collection of American communications, and Congress is going to need to hear from people in order to be incentivized to actually do that oversight. With the courts, it’s been a more difficult story because there are a number of legal doctrines that the Bush Administration, the Obama Administration and now the Trump Administration have and will deploy in order to try to prevent courts from seriously considering the legality and constitutionality of some of this surveillance. One practice is just to lie about it, so don’t tell people that they were spied on under these authorities so they can’t challenge the rule.

Another issue is the question of standing which requires you to prove that you are actually in here by the practice you’re challenging and so a lot of cases challenging spying have been dismissed by the courts, because the government has said you don’t know for a fact you’re spied on, and if you were spied on, you don’t know you were spied on under this law, and we’re not going to tell you because that’s classified so you can’t prove that you have the right to be in court. So those cases have been dismissed.

But we have cases that are percolating through where some people have received notice they were spied on or where we have external proof like documents that show that, say, Verizon business customers were spied on, or had their phone records collected. So, the courts are beginning to get involved and I think the courts have shown a real interest in playing their traditional role of being a check and a balance and a review of these programs and their statutory legality as well as their ultimate constitutionality.

Jeff Schechtman: Which brings us to this whole idea of the degree to which the law has kept up with the changes in technology and attitude.

Jennifer Granick: There’s only so much the constitution can do. The Fourth Amendment requires that searches and seizures be reasonable and it’s kind of a floor, but we can always do better than that; but we’re not going to do better than that by passing protective statues until legislators and the public realize that we need to. But technology has just gone so far beyond what statutes do. The main statutes that protect the privacy of our email and other online communications was passed in 1986, before texting and Snapchat. It doesn’t protect email in all cases.

If your email is older than 180 days, then the government doesn’t require a warrant to get it. That’s crazy! What’s the difference between an email that’s 180 days old and one that’s 181 days old? There are other examples as well regarded say, location tracking. What kind of protections do you have for being tracked with your cellphone and being electronically followed 24 hours around the clock? There’s no obvious thing there. That’s just two examples of the way that the law has fallen short.

Jeff Schechtman: One of the other things the law has done is it has become more generous in allowing more and more workplace surveillance, which is sort of a corollary of all of this.

Jennifer Granick: Yeah, absolutely. It’s always been true that employees have had very little protection in the workplace, which is too bad but this can be an avenue for government to collect information about people as well.

Jeff Schechtman: What ultimately, can people do about any of this at this point?

Jennifer Granick: Well, I sort of painted a depressing picture, but as I said in the beginning, I am an optimist. I think there’s a rational exuberance. I think there are really two main tracks that people can take in order to protect themselves, their friends and ultimately to make surveillance more democratically accountable. Because that’s really what I’m advocating for here, we have this sort of over broad, suspicionless, opportunistic, bulky, massive surveillance and it’s not materially, obviously helping us with our national security goals so instead of doing something ideological, let’s rein it in and make surveillance targeted towards the people who are really dangerous to us.

I think there’s two things we can do for that, one is technological and the other is legal. You can protect yourself with technology from opportunistic, suspicion-less surveillance by choosing products that have encryption. Increasingly, companies are taking the security of their users seriously in providing those products and in ways that are ever easier to use, whether it’s iMessage or signals for instant messaging, always using HTTPS for website reading or accessing websites, there are increasingly ways you can use encryption to protect yourself.

Companies are also behind the scenes taking steps to improve their security so that they are not subject to being hacked by government agencies or massively wire tapped or that sort of thing. So that’s really an important step number one. Then number two is we can change the law. It is the law that has allowed technology to get out of hand and the law can be used to rain it back in and to make a stronger place for the court to do oversight and to ensure that when surveillance is conducted, it’s for a good reason and that the information that’s collected is not repurposed for bad reasons or for abusive reasons.

By requiring some kind of factual basis before information can be collected, having judicial oversight of who’s chosen as a target, having rules about how long information can be kept instead of having it just be kept forever, ensuring that people receive notice if their information is collected so that they can challenge it or find out what the government knows about them or ask for it to be deleted. We have a number of tools that we can impose to try to make sure that surveillance is compatible with our democratic values. Finally, I think the precursor for that is to have more transparency. The government has to come clean about what exactly it’s doing and how it’s interpreting the laws and how it’s using them to collect information about us so that we can understand the system and figure out where reform is required.

Jeff Schechtman: Jennifer Granick, her book is American Spies: Modern Surveillance, Why You ShouldCare and What to do About It. Jennifer, thank you so much for spending time with us here on Radio WhoWhatWhy.

Jennifer Granick: Thanks for having me.

Jeff Schechtman: Thank you for listening and joining us here on Radio WhoWhatWhy. I hope you join us next week for another Radio WhoWhatWhy podcast. I’m Jeff Schechtman.

If you liked this podcast, please feel free to share and help others find it by rating and reviewing it on iTunes. You can also support this podcast and all the work we do by going to WhoWhatWhy.org/donate.